package com.woniuxy.controller;

import com.woniuxy.entity.ResponseEntity;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/rbacManager")
public class RbacManagerController {
    @RequestMapping("/findAll")
    public ResponseEntity findAll() {

        return new ResponseEntity(200, "ok", null);
    }

    @RequestMapping("/testRole")
    //这个controlle方法，需要一个角色，才允许你访问我的controller
    @RequiresRoles("普通员工")
    public ResponseEntity testRoles() {
        return new ResponseEntity(200, "拥有普通员工的权限，才能查出这句话", null);
    }

    @RequestMapping("/testPerm")
    //这个controller方法，需要一个角色，才允许你才能允许我的controller
    @RequiresPermissions(value = {"perm:list", "perm:update"}, logical = Logical.OR)
    public ResponseEntity testPerm() {
        return new ResponseEntity(200, "拥有list或update的权限，才能查出这句话", null);
    }

}
